
Sunday, July 31, 2011

Success Alert...(Your email just W o n £ 850,000 UK Pounds in our on-going 12th Anniversary PROMO!!)

We urgently wish to inform you again that your e-mail w o n £850,000 UK
Pounds {with L u c k y # :12-12-23-35-40-41(12) & T i c k e t # :008 695
757 336 64} in our on-going 12th Anniversary Online Giveaway draws .
For further information to be provided, you have to reply this notice
immediately to confirm this email account is still active.

Mrs Daiane Santos.
Giveaway Online Announcer.

School will be in session soon - get shopping.

Start your back-to-school shopping before the bell rings.
The Shack Credit Card is Online! Open a new account today and discover all the benefits of being a cardholder. Already a cardholder? Manage your account online >
Prices good through 8/6/11.

*Price requires credit approval and may require deposit. Subject to carrier agreement terms, including up to $36 activation/upgrade and up to $325 early-termination fee per line. Monthly access, data, overage, taxes and other charges apply. Coverage not available everywhere; 4G may default to 3G when 4G not available; see store or carrier website for details. Sprint EVO 4G: $499.99 unactivated — $149.99 Sprint instant rebate — $350 instant savings = Free.

**Available in select stores, via Direct2U (fast, free delivery to your doorstep) and at

†In-store only. Excludes clearance.


This is an advertisement from RadioShack. © 2011 RadioShack Corporation. All rights reserved.
RadioShack Riverfront Campus — 300 RadioShack Circle, Fort Worth, TX 76102

Saturday, July 30, 2011

firewall-wizards Digest, Vol 60, Issue 1

Today's Topics:

1. CFP Securitybyte India (Papers, Call For)
2. Re: obscure email address formats (Martin Barry)


Message: 1
Date: Sun, 24 Jul 2011 20:17:25 +0530
From: "Papers, Call For" <>
Subject: [fw-wiz] CFP Securitybyte India
Content-Type: text/plain; charset="iso-8859-1"

Hi All,
The first round of speakers have been selected for Securitybyte, please
follow us on twitter @securitybyte to get the latest updates on speakers and

Deral Heiland, From Printer to Owned: Leveraging Multifunction Printers
During Penetration Testing
Nithya Raman, Security threats on social networks
Alexander Polyakov, A Crushing Blow At the Heart of SAP J2EE Engine
Bishan Singh, Enabling Un-trusted Mashups
Krzysztof Kotowicz, HTML5: Something Wicked This Way Comes
John McColl, Hacking Corporate Telephony
Aseem Jakhar, Runtime thread injection and execution in Linux processes
George Nicolaou, Alternative Exploitation Vectors (A study of CVE-3333)
Michele Orru, Securing the Browser
Kanwal K. Mookhey, The Data Theft Epidemic in India
Vivek Ramachandran, Enterprise Wi-Fi Worms, Backdoors and Botnets for Fun
and Profit

The 2nd round of CFP is out


Securitybyte is proud to announce its Second Annual International
Information Security Conference, "Securitybyte 2011" in Bangalore, India.
This 4-day event features two days of conferences and two days of
post-conference hands-on Trainings & Certifications covering every aspect of
Information Security. The Securitybyte conference features some of the most
respected names in the Security space and is focused around new research and
innovation. The Securitybyte Conference 2011 is planned for Sept 6th through
9th, 2011 at The Taj Hotel in Bangalore, India.

The two-day conference (Sept 6th & 7th) will have the following three

Deep Technical
Government & Governance

Submission Deadline: The first round of submission of papers for conference
talks and trainings should be done no later than August 5th, 2011. Please
send all your submissions to, keeping subject line as
"SB 2011 CFP Submission".


Got a new attack against any technology or device? We want to see it.

Topics of interest include, but are not limited to, the following:

Case studies around any of the topics above of how the
implementation was done and what were some of the lessons learned.


Cloud Security
Electronic Device Security (Cell Phones / PDA's)
Defeating Biometrics
WLAN, RFID and Bluetooth Security
Data Recovery and Incident Response
Virtualization Security
Database Security
Forensic & Cyber security

Regulatory & Law

Copyright infringement and anti-copyright infringement
enforcement technologies
Critical infrastructure issues
Data security and privacy issues
Identity theft, identity creation & identity fraud
Corporate Espionage

National Security

Cyber forensics
Cyber warfare
Cyber Espionage
Next-Gen Cyber threats
Critical Infrastructure protection
Surveillance & counter-surveillance

Speaker Submission:

Please use the following submission form template to respond:

Name, title, address, email, and phone/contact number
Short biography, qualifications, occupation, achievements, and
affiliations (limit 250 words.)
Summary or abstract of your presentation (limit 1250 words.)
Technical requirements (video, internet, wireless, audio, etc.)
References (Contact name, title, and email address of two conferences
you have spoken at or comparable references.)

**Please note, product or vendor pitches are not accepted. If your talk
involves an advertisement for a new product or service your company is
offering, please do not submit a proposal.



Message: 2
Date: Tue, 26 Jul 2011 13:47:02 +0200
From: Martin Barry <>
Subject: Re: [fw-wiz] obscure email address formats
Message-ID: <>
Content-Type: text/plain; charset=iso-8859-1

$quoted_author = "ArkanoiD" ;
> Is there any good reason to allow email addresses (in smtp, imap and alikes)
> in any format different from mailbox@fqdn ?

The other caveat with validating email addresses is with IDN, you now
need to support unicode in the frontend although your existing regex should
cope fine with punycode'd FQDNs in the backend.





End of firewall-wizards Digest, Vol 60, Issue 1

Pakistan's Day Offers for Ladies only

Friday, July 29, 2011

Friday Roundup: VOIP, Virtualization, Cloud Testing, and SaaS Migration

This message is brought to you as a valued IDG Connect subscriber.

VOIP, Virtualization, Cloud Testing, and SaaS Migration.


Welcome to the first VoicesOn Friday Roundup. This week, we bring you white papers on Hosted VOIP Systems, Virtualization, Cloud Testing, and SaaS Migration.

How to choose the best hosted VoIP system for your Small to Medium sized business
An efficient and economical telephone communication system is necessary for any company, but even more important for a small and medium-sized business on a tight budget. VoIP telephony is the most appropriate solution for a small or medium sized business enterprise, with a wide range of features and cost benefits. Startups especially benefit from VoIP, since they do not have the burden of existing equipment and infrastructure to deal with.

Extending IT Virtualization to Oracle Database Infrastructure
Learn why Brian Babineau, Vice President of Research and Analyst Services at ESG, recommends the expansion of virtualization initiatives into the data tier to reduce operating expenses, improve asset utilization, cut capital costs and enable IT agility.

Why Load Testing From the Cloud Doesn't Work
Download this white paper to learn some of the real-life examples of problems found when load testing and what approach is required to find them.

Migrating to a SaaS Model: A Roadmap to Success
This whitepaper will examine today's SaaS opportunities and challenges, and will show how a hosting company, such as Verio, can help ISVs capitalize on the rapidly evolving market opportunities.


Thank you,


Copyright 2011 | VoicesOn - IDG Connect, 492 Old Connecticut Path, Framingham, MA 01701.

iPhone 5 rumor roll-up for the week ending July 29

Facebook to pay hackers for bugs | Debt reduction deadlock drags down corporate capital spending on software, more

Network World Daily News PM

iPhone 5 rumor roll-up for the week ending July 29
Evidence, or "evidence," surfaces this week showing the Next iPhone will be either a lot like the existing iPhone or radically different. Apple moves into weapons manufacturing. Read More


Network Consulting Services Lead Enterprise Transformation
The IP network has become business critical for organizations that increasingly rely on it for all forms of communication and business processes. As a result of these demands, services organizations will play an increasingly important role in helping enterprises develop network strategies to optimize and successfully deploy networking investments. Learn more

WHITE PAPER: CA Technologies

CIOs Feel the Pressure to Optimize the Online Experience
In this exclusive survey, CIOs weigh in on the business impact of application performance. This white paper presents the survey results and offers guidance on building a business case to optimize the customer experience with consistently excellent application performance. Learn More

Facebook to pay hackers for bugs
Facebook is going to pay hackers to find problems with its website -- just so long as they report them to Facebook's security team first. Read More

Debt reduction deadlock drags down corporate capital spending on software, more
The U.S. debt reduction deadlock in Congress is already taking a toll on how much companies are spending on property, buildings and equipment, including computer hardware and software, according to a new survey by ChangeWave Research. Read More

SysAdmin wanted to star in a Hollywood film
Happy SysAdmin Day. In honor of that, business video provider Qumu is inviting real-life system administrators to enter a contest in which the winner will star in a short film, as part of a series of short films. Qumu commissioned "Gears of War" video art director and filmmaker Jerry O'Flaherty to create a science-fiction short film with the SysAdmin as the hero. The first one is out now and is... Read More

Google gets defensive, buys IBM patents
Google acquired 1,030 patents from IBM in a defensive move aimed at protecting itself from lawsuits. "Bad software patent litigation is a wasteful war that no one will win," Google says. Read More


Delivering Information you can trust
This whitepaper provides an overview of the current data quality problem and describes how IBM® InfoSphere® Information Server for IBM System z® can become your foundation for data quality and make a big difference in helping you derive more value from the complex, heterogeneous information spread across your systems. Read Now

Data center startup Plexxi lands $20 million more
Stealthy data center startup Plexxi has landed another $20 million in funding as it continues development of a network fabric to tie together applications, compute and storage. Read More

Apple has more cash than US government! Buyout not imminent though
Given the current level of disarray and ineptitude of the elected officials in Washington DC right now this news probably shouldn't be all that shocking: Apple with its $76 billion in the bank has more cash than the US with its almost $74 billion. The news has prompted a variety of reactions. More wacky news: 20 of the weirdest, wackiest and stupidest sci/tech stories of 2011 (so far!) Read More

A10 countersues Brocade over patents
A10 Networks said it is countersuing Brocade for patent infringement and seeking to bar sales of its competitor's products in response to a motion filed this week by Brocade to bar sales of A10 products. Read More

Latest Windows Phone 7 tools let coders ready Mango apps
Microsoft has released the latest beta version of the Windows Phone 7 Mango development tools and OS build to developers. They can now start final preparations for submitting the first batch of Mango apps for certification in August. Carriers and handset makers are already testing near-final code for new phones due this fall. Read More

WHITE PAPER: Akamai Technologies, Inc.

A Perspective from the Edge of the Cloud
Akamai Chief Scientist and co-Founder Tom Leighton explores the major forces and technology layers driving the cloud computing movement, the types of architectural approaches emerging and an assessment of the challenges that must be overcome for cloud computing to broadly succeed. Read now

Anonymous claims to have breached ManTech International's network
A tweet sent by the hacker group Anonymous at midnight yesterday claims the group has broken into the network of defense contractor ManTech International and intends to release seized documents within 24 hours. Read More

Malwarebytes preps enterprise edition of PC-cleaning software
Malwarebytes this fall expects to release an enterprise-grade anti-malware platform that it says doesn't compete directly with traditional antivirus software because it relies more on observing how the malware acts and less on seeking code signatures. Read More

CA Technologies buys Watchmouse for cloud monitoring
CA Technologies is purchasing WatchMouse, a maker of SaaS-based tools for monitoring mobile and on-demand applications, the company announced Friday. Terms were not disclosed. Read More

How to survive Black Hat and Defcon without getting hacked -- maybe
Among the thousands of security experts at the Black Hat, Defcon and Security BSides conferences next week in Las Vegas, some will surely test whether they can break into nearby laptops, phones, networks -- even RFID-enabled room keys and credit cards. Read More

Best of Google Labs: A Retrospective
As Google shuts down Google Labs, we look back at the many innovations the effort brought us, including Gmail, Google Goggles, Google Earth and Google Maps, among others. Read More

Up for grabs from the Subnets: Cisco Subnet: 15 copies of IPv6 for Enterprise Networks books. Enter here.


The Geekiest iPad Apps Ever
We scoured the App Store to find the "geekiest" apps out there for the true purveyor of all things geek.


  1. Wham Bam Google Ban: No Pseudonyms on Google Plus Profiles
  2. The 5 biggest IT security mistakes
  3. How to implement IPv6 in a Windows environment: an expert guide
  4. Why I was banned on Google+ (and how I redeemed myself)
  5. 15 incredibly useful (and free) Microsoft tools for IT pros
  6. Cisco rival Juniper lands Microsoft's Muglia
  7. Law firm rallies AT&T customers to block T-Mobile merger with lure of cash
  8. 10 technologies that will change the world in the next 10 years
  9. 10 things you shouldn't be able to buy online
  10. The problem with weak passwords and hijacked Hotmail


Copyright (C) 2011 Network World, 492 Old Connecticut Path, Framingham MA 01701


Cisco seeks relief from development obligation;

SysAdmin wanted to star in a Hollywood film | Juniper mirrors, foreshadows Cisco's problems

Network World Cisco

Cisco seeks relief from development obligation
Jim Duffy: As it navigates some of the darkest waters of its 25+-year voyage, Cisco is looking to back out of a deal to develop 1 million square feet of land in Alviso, CA. Read More

WHITE PAPER: Enterasys Networks

Confessions of a Market Leader
With Enterasys, Stephens Support Services is able to manage each business independently, while maintaining a single unified wired & wireless network. Click here to learn more! Learn more


Get Wi-Fi Ready as a LAN Replacement
As Wi-Fi continues to evolve, administrators need better real-time visibility into the "health" of clients. Learn how one tool can provide an intuitive, "at-a-glance" picture of: - Client transmission data rates - Transmission success rates - Goals of deployment for high, normal and low density locations Read now!

SysAdmin wanted to star in a Hollywood film
Julie Bort: Happy SysAdmin Day. In honor of that, business video provider Qumu is inviting real-life system administrators to enter a contest in which the winner will star in a short film, as part of a series of short films. Here is the first video in this series. Read More

Juniper mirrors, foreshadows Cisco's problems
Jim Duffy: Has Juniper caught the Cisco 'flu?' It appears that many of the same issues affecting Cisco are also afflicting Juniper two quarters into 2011. Read More

WHITE PAPER: Blue Coat Systems

Accelerate and Optimize SharePoint
Improve and accelerate all SharePoint operations and tasks. Object caching, byte caching and compression technologies, combined with protocol optimizations, allow SharePoint users to access content and complete tasks in seconds instead of minutes and reduces bandwidth utilization by up to 99%. Read now!

Nebula provides a "cloud-in-a-box"
Jon Oltsik: Under the recently-completed Vivek Kundra era, the U.S. federal government became an aggressive proponent of cloud computing. Much of this was pure folly leading to wasteful IT assessments but one of these, NASA Nebula, was a very successful cloud. Read More

TVOICE Video #3
Kevin Wallace: Here's the third in our series of TVOICE training videos. This one investigates an H.323 gateway issue. Read More


Accelerate WAN File Transfers by 50x
According to Taneja Group research, 83% of IT managers are considering a move to the cloud a top priority. This paper highlights their research and provides guidance on how to overcome cloud adoption barriers and further leverage virtualization and consolidation efforts by strategically deploying WAN optimization. Read now!

I Was Wrong About Self-Encrypting Hard Drives
Jon Oltsik: A few years ago, the EVP of marketing at EMC gave me some grief about analyst predictions. He said something like, "if I bet on your predictions and you're incorrect, I spend millions of dollars on the wrong stuff and lose my job. All you have to do is change your PowerPoint slides and move on." Read More

A mind-blowing look at today's mind-controlled, mind-reading technologies
Julie Bort: It sounds like the stuff of science fiction, but for the past few years, researchers have tapped into brain waves to control everything from video games to wheelchairs. They are beginning to use computers to decipher our thoughts, too. Read More

IPv6 Deployment Misperception: The network team owns the deployment
Shannon McFarland: The No. 2 misperception of IPv6 has more to do with politics within the enterprise than it does with technical stuff. Who runs the deployment? Read More

Visit Cisco Subnet for more daily news, blogs
The Cisco Subnet community features industry-expert bloggers, giveaways and all the top news of interest to network professionals. Follow us on Twitter @ciscosubnet Read More


Security Management Weekly - July 29, 2011



July 29, 2011
Corporate Security
  1. "City Attorney Considers Filing Charges in Near Riot in Hollywood" Los Angeles
  2. "Infosys Employee Testifies on Alleged Visa Fraud"
  3. "NYC Bouquet Bandit Pleads Guilty to Bank Robberies"
  4. "Most Workplace Bullying Claims Fall Short" Australia
  5. "Texas Gunman Kills Wife, 4 of Her Relatives, Then Himself"

Homeland Security
  1. "Police Say Soldier Targeted Fort Hood"
  2. "St. Paul Police Chief Shares Strategy With House Panel Studying Somali Terrorism" Minnesota
  3. "Officials: Al-Qaeda Close to Collapse"
  4. "Gunman is Ordered Held, Warns of More Terror Cells" Oslo Attacks
  5. "Norway Mourns Its Dead as Harsh Rhetoric Spreads"

Cyber Security
  1. "Cloud Security Fears Exaggerated, Says Federal CIO"
  2. "Easing Burden to Comply With IRS Rules"
  3. "Sniffer Hijacks Secure Traffic From Unpatched iPhones"
  4. "Stuxnet Clones May Target Critical US Systems, DHS Warns"
  5. "U.S. Officials Tell Congress the Country Lags in Fortifying IT Security"




City Attorney Considers Filing Charges in Near Riot in Hollywood
Los Angeles Times (07/29/11) Gelt, Jessica; Blankstein, Andrew; Winton, Richard

Officials in Los Angeles are considering whether to move forward with criminal or civil actions against those who organized an impromptu concert outside of Grauman's Chinese Theatre on Wednesday. The theater was premiering a movie called "Electric Daisy Carnival Experience," which documents one of the country's biggest electronic music festivals. At about 2:30 Wednesday afternoon, a D.J. known as Kaskade sent out a message via Twitter that he was heading to Grauman's Chinese Theatre for a block party to celebrate the premiere of the film. Kaskade had planned to arrive at the theater in a flatbed truck carrying his equipment, play two songs, and head into the premiere. The organizers of the event had been given a permit by the Fire Department. But within a matter of minutes, thousands of people had converged on the theater. One eyewitness said he saw roughly 1,000 kids run down the middle of the street with traffic coming at them. Police responded in riot gear, and Kaskade sent out another tweet asking people to leave. When all was said and done, three people had been arrested for allegedly vandalizing police cruisers. Kaskade later issued a statement and said that he did not mean to cause any trouble. The chief executive of the rave producer Insomniac Inc., which organizes the electronic music festival documented in the film, said it had nothing to do with Kaskade's planned block party.

Infosys Employee Testifies on Alleged Visa Fraud
Wall Street Journal (07/28/11) Bahree, Megha; Jordan, Miriam

Jay Palmer, an employee of India-based Infosys Technologies Ltd., has accused his company of visa fraud before a Senate Judiciary Subcommittee on Immigration, Refugees and Border Security. According to Palmer, Infosys has used illegal employees to staff projects for clients including Goldman Sachs, American Express, Wal-Mart, and Johnson Control. Palmer previously filed suit against the company in Circuit Court in Alabama for seeking his help to violate U.S. law. Infosys is cooperating with the subsequent investigation by U.S. authorities and denies the allegations. Paul N. Gottsegen, chief marketing officer for Infosys, said in a statement, “There is not, nor was there ever a strategy, scheme, or policy by the company to use the B-1 visa program to circumvent the H-1B visa program. The company did not have a practice of sending unskilled employees to the United States on B-1 visas to do the work expected of skilled individuals in the U.S. on H-1B visas.” Palmer disagrees, claiming he overheard a conversation during a March 2010 visit to Bangalore, India that indicated the company planned to increase the use of B1 visas in order to circumvent new restrictions on H-1B visas. Infosys then flooded the local consulate with visa applications in order to get as many approved as possible, regardless of the employee's skill level. Infosys then sent these unskilled workers to the United States, paying them much lower salaries but charging their U.S. clients for U.S.-standard salaries. The company also allegedly failed to pay taxes on payments to these workers.

NYC Bouquet Bandit Pleads Guilty to Bank Robberies
Associated Press (07/28/11)

A New York City man known as the Bouquet Bandit has pleaded guilty to robbing two banks while using bouquets of flowers to hide his intentions. The man, Edward Pemberton, pleaded guilty on July 27 in Manhattan state Supreme Court. Pemberton was arrested last year following the publication of security camera photos showing a man carrying flowers at a Manhattan bank. The neatly-bundled flowers had a hidden note that demanded $50 and $100 bills. Pemberton was able to get away with about $2,400 from both robberies. He is expected to be sentenced on Sept. 14.

Most Workplace Bullying Claims Fall Short
Sydney Morning Herald (Australia) (07/25/11) Wells, Rachel

The number of complaints of workplace bullying that Australia's WorkSafe Victoria has received in the past year has more than doubled to 6,000. But while the number of complaints has increased, no action was taken on the majority as most fell short of what constitutes workplace bullying under the law. WorkSafe's executive director of health and safety, Ian Forsyth, said the increase in complaints is likely related to the greater public awareness that has developed since the case of 19-year-old waitress Brodie Panlock, who killed herself after being bullied by four coworkers at her job. Of the 6,000 bullying complaints made in the past year to WorkSafe, only 10 percent were referred to the bullying response unit, with just 10 percent of those resulting in a workplace visit and evaluation by an inspector. However, many of the complaints were passed on to organizations such as Fair Work Australia and the Australian Human Rights Commission. The Occupational Health and Safety Act defines bullying as "repeated unreasonable behavior directed towards a worker or group of workers that creates a risk to health and safety." Experts say that if employees feel they are being bullied, they should report it to the appropriate person at their company before filing a complaint with a government agency.

Texas Gunman Kills Wife, 4 of Her Relatives, Then Himself
Seattle Times (07/24/11) Dickson, Gordon; Ramirez, Domingo

Six people were killed in a shooting at a roller-skating rink in Grand Prairie, Texas, on Saturday night. Authorities say Tan Do and his estranged wife Trini Do were hosting a birthday party for their 11-year-old son when Tan ordered the children to leave the rink's snack area. He then began shooting, hitting his estranged wife and four of her relatives. Bystanders in the roller-skating rink fled across the street to a bowling alley. Police surrounded the building with guns drawn in a matter of minutes, though Tan had turned the gun on himself. He was pronounced dead at a Dallas hospital. No children were killed in the shooting, which is believed to have been prompted by the Do's marital problems.

Police Say Soldier Targeted Fort Hood
Wall Street Journal (07/29/11) Eaton, Leslie

Authorities in Texas have uncovered another possible plot against soldiers at Fort Hood, which was the scene of a shooting rampage that resulted in the deaths of 13 people in 2009. Pfc. Naser Jason Abdo, a 21-year-old AWOL soldier who was facing a court martial at Fort Campbell, Ky., on charges of possessing child pornography, was arrested by police in Killeen, Texas, on Wednesday after a clerk at a gun store near Fort Hood became suspicious about a purchase he made. During that purchase, which took place at the same store where Maj. Nidal Hasan is believed to have bought the gun he allegedly used in the 2009 shooting, Abdo bought shotgun ammunition, gunpowder, and a magazine for a semi-automatic handgun. After being alerted by the clerk at Guns Galore, Abdo was arrested at a hotel in Killeen and was found to be in possession of gunpowder, firearms, and ammunition. Abdo later told investigators that he wanted to attack the military. Abdo has complained that he has faced discrimination in the military because he is a Muslim. Authorities do not believe that Abdo ever made his way into Fort Hood, and believe that he may have been planning to attack soldiers at a bar or restaurant near the base.

St. Paul Police Chief Shares Strategy With House Panel Studying Somali Terrorism
St. Paul Pioneer Press (MN) (07/28/11) Gottfried, Mara H.

The House Homeland Security Committee held a hearing on Wednesday about the Somalis who live in Minnesota and have traveled back to their home countries to fight with the al-Qaida-linked group al-Shabaab. During the hearing, committee Chairman Rep. Peter King (R-N.Y.) said that more than 40 Americans have been recruited by the Somali militant group and have traveled back to the East African nation to take part in violent activities. At least 15 of these individuals have been killed. Also appearing at the hearing was former assistant U.S. Attorney William Anders Folk, who said that there is a chance that some of the individuals who have traveled to Somalia to fight with al-Shabaab could return to the U.S. However, local authorities in St. Paul, Minn., which is home to a large Somali-American community, are taking steps to ensure that al-Shabaab is not able to recruit new members in the U.S. in the first place. Speaking at Wednesday's hearing, St. Paul Police Chief Thomas Smith detailed the African Immigrant Muslim Community Outreach Program (AIMCOP), in which police officers spend time with Somali youths to help prevent them from being recruited by militants.

Officials: Al-Qaeda Close to Collapse
Washington Post (07/27/11) P. A1 Miller, Greg

Al-Qaida may be on the verge of collapse, thanks to the pressure from CIA drone strikes and the killing of Osama bin Laden in May, U.S. officials have said. Among the officials who believe that al-Qaida's demise may be near is Defense Secretary Leon Panetta, who said during a recent visit to Afghanistan that the U.S. is close to "strategically defeating" the terrorist organization. Senior officials at the CIA, the National Counterterrorism Center, and other government agencies hold similar views. According to one U.S. counterterrorism official, the term "strategic defeat" would likely mean that al-Qaida is largely incapable of mounting major attacks against the U.S. However, the official added that al-Qaida's ideology would remain a threat in the long-term, even if the group is defeated. Those who continue to adhere to that ideology could someday reconstitute al-Qaida if the organization was to be broken up, the official said. U.S. officials have also pointed out that the defeat of al-Qaida would not completely eliminate the threat from terrorism against the U.S., since attacks could still be carried out by radicalized individuals and al-Qaida affiliates like al-Qaida in the Arabian Peninsula (AQAP). In fact, AQAP is now seen as being a bigger threat than al-Qaida. The U.S. has responded by increasing the CIA's role in Yemen and working with the Saudi government to break up the group.

Gunman is Ordered Held, Warns of More Terror Cells
Wall Street Journal (07/26/11) Grundberg, Sven; Fuhrmans, Vanessa; Roldander, Niclas

The suspect in the July 22 Oslo attacks stepped back from his claims that he acted alone when he told a judge in a Norwegian court on Monday that he belonged to an organization with two other European terrorist cells. Norwegian police responded to the claims from 32-year-old Anders Behring Breivik by saying that they could not rule out the possibility that he was indeed part of a larger organization. Breivik's claims are being investigated by police. Meanwhile, the Norwegian Police Security Service has reported that Breivik has been on a list of Norwegian nationals who had made purchases from a Polish chemical store. However, no precautions were taken after Breivik was added to the watch list in March. Breivik was added to the watch list at about the same time that the Police Security Service issued a warning about increased activity among right-wing extremist groups and individuals, though it said that such groups and individuals did not pose a major threat to Norway. Norwegian officials, as well as officials in other European countries, have reassessed the threat from right-wing extremists in the days since the Oslo attacks. In the U.K., for example, the National Security Council agreed to scrutinize right-wing extremists more closely. Back in Norway, the death toll from the Oslo attacks has been revised downward from 93 to 76, though authorities said that the number of casualties could rise again as missing individuals are accounted for.

Norway Mourns Its Dead as Harsh Rhetoric Spreads
Wall Street Journal (07/25/11) Fuhrmans, Vanessa; Grundberg, Sven

Nearly 100 people were killed in twin attacks in Oslo, Norway, on July 22. The first attack involved the bombing of government offices in Oslo that killed at least seven people. Following the bombing, the confessed attacker, Anders Behring Breivik, made his way to an island north of Oslo where a summer camp for the youth wing of Norway's Labor Party is located. Dressed as a police officer and armed with a handgun and an automatic weapon, Breivik allegedly shot at people on the island for more than an hour, killing at least 86. Many of the victims were teenagers who were unable to escape the island, which lacks any bridges to the mainland. Breivik allegedly hunted down his victims in the woods of the island, and tricked some into coming out of hiding by telling them that he was a police officer. Breivik surrendered after a SWAT team arrived on the island. Authorities believe that the Labor Party was the target of the attacks. Breivik is thought to have been motivated to attack the Labor Party because he is opposed to the party's pro-immigration and pro-multiculturalism policies. Officials learned of Breivik's views from reading a manifesto he wrote entitled "Islamization of Western Europe."

Cloud Security Fears Exaggerated, Says Federal CIO
Computerworld (07/28/11) Thibodeau, Patrick

Several federal chief information officers spoke at a forum on the government's use of cloud computing technologies at the U.S. Capitol on July 27. Among those who appeared at the forum was federal CIO Vivek Kundra, who said that concerns about the security of cloud computing technologies have been exaggerated in order to discourage the adoption of the technologies. Kundra, who has made the adoption of cloud computing a priority for federal agencies, added that the security concerns have been blown out of proportion in order to preserve the status quo. In addition, Kundra discussed the government's tendency to treat all of its IT systems like they are national security systems. Kundra gave the example of the federal Web site, which is being hosted on Amazon's EC2 cloud and contains public data, which means that it does not need to be treated the same way that a CIA or National Security Agency system does. Also appearing at the forum was Federal Emergency Management Agency CIO Richard Spires, who said that his department's use of public cloud providers is expected to grow in the future. He also noted that public cloud vendors could handle more sensitive government information in the future, particularly after a planned security certification system for public cloud vendors has been completed.

Easing Burden to Comply With IRS Rules
(07/28/11) Chabrow, Eric

The IRS requires that government agencies at all levels, as well as any organization that receives tax information from the IRS, provide documentation that details how they safeguard the taxpayer data they receive. Agencies in Oregon that were required to comply with the mandate initially responded by developing their own plans for how they would satisfy the IRS rules. But under the guidance of Oregon CISO Theresa Masse, the affected agencies began working together to develop an approach that each agency could use. Representatives from various state agencies formed committees and subcommittees to develop procedures that they could all use to comply with the IRS rules. Masse says the agencies decided to adopt this approach because they believed that it would be more cost effective and efficient than going it alone. She says the collaborative approach to meeting the IRS rules was revolutionary for state agencies. "They're very protective of IRS and [tax information] data, but they could see the benefits of working together," Masse says.

Sniffer Hijacks Secure Traffic From Unpatched iPhones
Computerworld (07/27/11) Keizer, Gregg

Apple has released a patch for a vulnerability that exists in the parsing of Secure Sockets Layer (SSL) certificates on its iOS operating system. The release of the patch means that attackers will no longer be able to intercept and decrypt SSL traffic when users of the iPhone 4, iPhone 3GS, and the third- and fourth-generation iPod touch visit secure sites using a public Wi-Fi hotspot. However, those who use the original iPhone, the iPhone 3G, and the first- and second-generation iPod touch are still vulnerable to this attack because Apple no longer supports these devices with security and iOS updates. As a result, these devices should not be used for any purpose that requires security or privacy, says Sophos security researcher Chet Wisniewski. Those who use the newer iOS devices should only make phone calls with their devices until they download the patch from Apple, Wisniewski notes.

Stuxnet Clones May Target Critical US Systems, DHS Warns
The Register (UK) (07/27/11) Goodin, Dan

Department of Homeland Security officials who testified at a congressional hearing on July 26 warned about the threat from cyberattacks involving clones of the Stuxnet computer worm. According to the officials, attackers could use technical details and code samples from Stuxnet to develop clones of the worm that could be used to attack power plants, water treatment facilities, and other forms of infrastructure. Stuxnet is a self-replicating piece of malware that spreads virally through supervisory control and data acquisition (SCADA) systems that are used to control valves, gears, and other equipment used at industrial plants and factories. The worm exploits vulnerabilities in Microsoft Windows and Siemens software. Although it was used to disrupt Iran's nuclear weapons program, officials believe that security vulnerabilities in SCADA software that was made in China and used in the U.S. could leave the users of these systems open to Stuxnet-style cyberattacks.

U.S. Officials Tell Congress the Country Lags in Fortifying IT Security
eWeek (07/26/11) Rashid, Fahmida Y.

Several government officials recently testified before the U.S. House Energy and Commerce Subcommittee on Oversight about the nation's efforts to strengthen IT security. The Government Accountability Office's Gregory Wilshusen noted that the U.S. has been lagging on the implementation of necessary security measures, including the recommendations from President Obama's cyberspace policy review. Just two of the 24 recommendations from that review have been put in place. Wilshusen attributed the slow progress to the fact that federal cybersecurity officials do not have clearly defined roles and responsibilities, as well as the need for the Department of Homeland Security to improve its analysis and warning capabilities to respond to threats. Meanwhile, the National Cybersecurity and Communications Integration Center's Sean McGurk noted that there are about 300 U.S. companies using systems from Siemens that could be attacked with the Stuxnet worm. It remains unclear whether these companies had implemented the recommended security measures to guard against this threat, McGurk said. Bobbie Stempfley with the DHS' Office of Cyber Security and Communications said that DHS is concerned that attackers could use publicly available information to target industrial control systems with variants of the Stuxnet worm.

Abstracts Copyright © 2011 Information, Inc. Bethesda, MD
